Our Blog

pexels mikhail nilov 6963061
September 20, 2021

How to tell the difference between a phishing scam and a legitimate e-mail

You’ve probably heard that scammers are tricking people into giving them their personal information through phishing scams that look like emails from legitimate companies or services, such as banks or social media sites. But how can you tell the difference between what’s real and what’s fake? Here are three ways to tell if an email asking you to click on a password reset link is legitimate or not.

1) Phishing is on the rise

More than 250 million people get targeted with malicious links or attachments in their inboxes every month. While it’s fairly easy to avoid getting into trouble if you know what to look for, not everyone does, which is why it’s important to learn how to tell genuine e-mails from scams. These are some of my top tips on how not fall victim when an attacker wants your username, password or any other kind of personal information.  Don’t click random links: If you don’t recognize an email address that has sent you something — especially one that contains a password reset link — don’t click it. Legitimate companies will never send password reset instructions like that over email; instead, they will generally include security questions so you can change your password without having to enter sensitive details. Be wary of senders who have been compromised: In 2014, several tech companies including Twitter and Spotify saw hackers break into their services through employee accounts due to weak passwords. What might start as an account compromise could quickly turn into phishing attacks or data theft, so be sure to change all passwords just in case whenever there is a security breach at another service provider online.

2) Always check your address bar when logging into websites

If you receive an email from your bank asking you to update your account info, resist that urge for just a second. One of biggest ways scammers steal information is by tricking users into visiting fake websites. To avoid falling victim, always hover over any link before clicking it. If it doesn’t look right—if it’s not on your bank’s site or on any site you recognize—just type in its URL manually. And if you don’t know who sent an email? Delete it immediately. It’s better to be safe than sorry!

3) Never trust an email with no subject line

Many scammers will try to make their messages seem urgent by including a line at the top of an email, even if there’s no subject. This is often called the hook or the subject line. If you see one of these in an email from an unknown sender, it’s probably best not to click any links contained in that message. If you aren’t expecting something from someone, don’t open it. Phishing scams are designed to get unsuspecting users to act quickly; whether it be clicking on a link or revealing login information, many users fall for phishing attempts because they just want an issue solved immediately. Some emails purport to be communications about financial matters; others ask for your credit card details. Just because you feel pressure doesn’t mean you have to give into it; ignore suspicious emails, particularly those with strange or overly demanding requests attached.

4) Never click on password reset links in e-mails unless you're expecting them

Online scams are growing more sophisticated every day, with scammers finding new ways to fool people into revealing personal information. Many try phishing attacks, which trick users into giving up passwords or other sensitive data by pretending to be trustworthy sources. These can look like an official password reset link in an email—which will take you to a site looking identical to your bank’s website—or can pose as Google Docs that require you enter your username and password for verification purposes.


Phishing scams are prevalent online. At any given time, there are probably thousands of them floating around in your inbox. But how do you know if an email is actually from who it claims to be? The answer: You can’t always trust it. Always be vigilant. If you are unsure, all clients of Spruce Tree Media include free e-mail inspection.

white text horizontal stm logo250
We proudly acknowledge that we conduct business on the unceded territory of the Haisla Nation.
© 2022 Spruce Tree Media Ltd. All Rights Reserved.
menu linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram